Posted to commits@nuttx.apache.org by xi...@apache.org on 2021/12/30 04:35:52 UTC

[incubator-nuttx] 02/04: xtensa/esp32: Enable the creation of encrypted Flash partitions

This is an automated email from the ASF dual-hosted git repository.

xiaoxiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-nuttx.git

commit b6addaa4c7436997a08553baf3edbe82272654cc
Author: Gustavo Henrique Nihei <gu...@espressif.com>
AuthorDate: Tue Oct 19 11:44:30 2021 -0300

    xtensa/esp32: Enable the creation of encrypted Flash partitions
    
    Signed-off-by: Gustavo Henrique Nihei <gu...@espressif.com>
---
 arch/xtensa/src/esp32/Kconfig                      | 15 ++++++++++++
 arch/xtensa/src/esp32/esp32_spiflash.c             | 22 ++++++++++++++----
 arch/xtensa/src/esp32/esp32_spiflash.h             |  3 ++-
 .../xtensa/esp32/common/src/esp32_board_spiflash.c | 27 +++++++++++++++++++---
 4 files changed, 59 insertions(+), 8 deletions(-)

diff --git a/arch/xtensa/src/esp32/Kconfig b/arch/xtensa/src/esp32/Kconfig
index 5d204b3..f2092d3 100644
--- a/arch/xtensa/src/esp32/Kconfig
+++ b/arch/xtensa/src/esp32/Kconfig
@@ -851,6 +851,11 @@ if ESP32_HAVE_OTA_PARTITION
 
 comment "Application Image OTA Update support"
 
+config ESP32_OTA_PARTITION_ENCRYPT
+	bool "Encrypt OTA partitions"
+	default y
+	depends on ESP32_SECURE_FLASH_ENC_ENABLED
+
 config ESP32_OTA_PRIMARY_SLOT_OFFSET
 	hex "Application image primary slot offset"
 	default 0x10000
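Review bot: The new option `ESP32_OTA_PARTITION_ENCRYPT` has no `---help---` text, and the same is true of `ESP32_STORAGE_MTD_ENCRYPT` and `ESP32_WIFI_MTD_ENCRYPT` in the two hunks that follow. Each defaults to y but can be switched off while `ESP32_SECURE_FLASH_ENC_ENABLED` is set, so the help should say that disabling it leaves that partition's contents in plaintext on the SPI Flash even though flash encryption is enabled for the device. For the OTA slots the help should also say whether the bootloader expects the image slots to be encrypted, which these lines do not show.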
@@ -887,6 +892,11 @@ endif
 
 comment "General storage MTD configuration"
 
+config ESP32_STORAGE_MTD_ENCRYPT
+	bool "Encrypt Storage MTD partition"
+	default y
+	depends on ESP32_SECURE_FLASH_ENC_ENABLED
+
 config ESP32_STORAGE_MTD_OFFSET
 	hex "Storage MTD base address in SPI Flash"
 	default 0x180000 if !ESP32_HAVE_OTA_PARTITION
@@ -1148,6 +1158,11 @@ config ESP32_WIFI_FS_MOUNTPT
 	---help---
 		Mount point of Wi-Fi storage file system.
 
+config ESP32_WIFI_MTD_ENCRYPT
+	bool "Encrypt Wi-Fi MTD partition"
+	default y
+	depends on ESP32_SECURE_FLASH_ENC_ENABLED
+
 config ESP32_WIFI_MTD_OFFSET
 	hex "Wi-Fi MTD partition offset"
 	default 0x280000 if !ESP32_HAVE_OTA_PARTITION
diff --git a/arch/xtensa/src/esp32/esp32_spiflash.c b/arch/xtensa/src/esp32/esp32_spiflash.c
index 14cf18a..753a05e 100644
--- a/arch/xtensa/src/esp32/esp32_spiflash.c
+++ b/arch/xtensa/src/esp32/esp32_spiflash.c
@@ -1974,22 +1974,36 @@ static int esp32_ioctl(struct mtd_dev_s *dev, int cmd,
  * Input Parameters:
  *   mtd_offset - MTD Partition offset from the base address in SPI Flash.
  *   mtd_size   - Size for the MTD partition.
+ *   encrypted  - Flag indicating whether the newly allocated partition will
+ *                have its content encrypted.
  *
  * Returned Value:
- *   ESP32 SPI Flash MTD data pointer if success or NULL if fail
+ *   ESP32 SPI Flash MTD data pointer if success or NULL if fail.
  *
  ****************************************************************************/
 
 struct mtd_dev_s *esp32_spiflash_alloc_mtdpart(uint32_t mtd_offset,
-                                                   uint32_t mtd_size)
+                                               uint32_t mtd_size,
+                                               bool encrypted)
 {
-  struct esp32_spiflash_s *priv = &g_esp32_spiflash1;
-  esp32_spiflash_chip_t *chip = priv->chip;
+  struct esp32_spiflash_s *priv;
+  esp32_spiflash_chip_t *chip;
   struct mtd_dev_s *mtd_part;
   uint32_t blocks;
   uint32_t startblock;
   uint32_t size;
 
+  if (encrypted)
+    {
+      priv = &g_esp32_spiflash1_encrypt;
+    }
+  else
+    {
+      priv = &g_esp32_spiflash1;
+    }
+
+  chip = priv->chip;
+
   ASSERT((mtd_offset + mtd_size) <= chip->chip_size);
   ASSERT((mtd_offset % chip->sector_size) == 0);
   ASSERT((mtd_size % chip->sector_size) == 0);
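Review bot: Nothing in the visible lines stops a caller from passing `encrypted = true` on a build where flash encryption is not enabled, in which case `priv` is still pointed at `g_esp32_spiflash1_encrypt`. The board code in this commit is safe because its macros fall back to `false`, but the function is exported through esp32_spiflash.h and the precondition is neither documented nor checked. Consider stating it in the Input Parameters comment and adding a guard such as `#ifndef CONFIG_ESP32_SECURE_FLASH_ENC_ENABLED` / `ASSERT(!encrypted);` / `#endif` before the selection. The function body continues past the end of this hunk, so a later check may already exist there.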
diff --git a/arch/xtensa/src/esp32/esp32_spiflash.h b/arch/xtensa/src/esp32/esp32_spiflash.h
index b814e18..38337ad 100644
--- a/arch/xtensa/src/esp32/esp32_spiflash.h
+++ b/arch/xtensa/src/esp32/esp32_spiflash.h
@@ -64,7 +64,8 @@ extern "C"
  ****************************************************************************/
 
 struct mtd_dev_s *esp32_spiflash_alloc_mtdpart(uint32_t mtd_offset,
-                                                   uint32_t mtd_size);
+                                               uint32_t mtd_size,
+                                               bool encrypted);
 
 /****************************************************************************
  * Name: esp32_spiflash_get_mtd
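Review bot: The prototype now takes `bool encrypted`, but this hunk changes only the declaration lines, so the comment block that ends just above it (its start is outside the hunk) presumably still documents two parameters. If it mirrors the Input Parameters list in esp32_spiflash.c, add the same entry: `encrypted  - Flag indicating whether the newly allocated partition will have its content encrypted.` It is also worth confirming that the header includes `<stdbool.h>` itself rather than relying on its includers, since the include list is not visible here.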
diff --git a/boards/xtensa/esp32/common/src/esp32_board_spiflash.c b/boards/xtensa/esp32/common/src/esp32_board_spiflash.c
index 945c072..5259cae 100644
--- a/boards/xtensa/esp32/common/src/esp32_board_spiflash.c
+++ b/boards/xtensa/esp32/common/src/esp32_board_spiflash.c
@@ -51,6 +51,24 @@
 
 #define ARRAYSIZE(x)                (sizeof((x)) / sizeof((x)[0]))
 
+#ifdef CONFIG_ESP32_OTA_PARTITION_ENCRYPT
+#  define OTA_ENCRYPT true
+#else
+#  define OTA_ENCRYPT false
+#endif
+
+#ifdef CONFIG_ESP32_WIFI_MTD_ENCRYPT
+#  define WIFI_ENCRYPT true
+#else
+#  define WIFI_ENCRYPT false
+#endif
+
+#ifdef CONFIG_ESP32_STORAGE_MTD_ENCRYPT
+#  define STORAGE_ENCRYPT true
+#else
+#  define STORAGE_ENCRYPT false
+#endif
+
 /****************************************************************************
  * Private Types
  ****************************************************************************/
@@ -113,7 +131,8 @@ static int init_ota_partitions(void)
   for (int i = 0; i < ARRAYSIZE(g_ota_partition_table); ++i)
     {
       const struct ota_partition_s *part = &g_ota_partition_table[i];
-      mtd = esp32_spiflash_alloc_mtdpart(part->offset, part->size);
+      mtd = esp32_spiflash_alloc_mtdpart(part->offset, part->size,
+                                         OTA_ENCRYPT);
 
       ret = ftl_initialize(i, mtd);
       if (ret < 0)
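Review bot: The result of `esp32_spiflash_alloc_mtdpart()` is passed straight to `ftl_initialize(i, mtd)` without a NULL check, although the function is documented as returning NULL on failure. `init_wifi_partition()` and `init_storage_partition()` in this same file both test `if (!mtd)` and log `"ERROR: Failed to alloc MTD partition of SPI Flash\n"` before continuing. The OTA loop should do the same and return an error before calling `ftl_initialize`, since a silently missing OTA slot is harder to diagnose now that the partition may be routed through the encrypted device. The loop body continues outside this hunk.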
@@ -350,7 +369,8 @@ static int init_wifi_partition(void)
   FAR struct mtd_dev_s *mtd;
 
   mtd = esp32_spiflash_alloc_mtdpart(CONFIG_ESP32_WIFI_MTD_OFFSET,
-                                     CONFIG_ESP32_WIFI_MTD_SIZE);
+                                     CONFIG_ESP32_WIFI_MTD_SIZE,
+                                     WIFI_ENCRYPT);
   if (!mtd)
     {
       ferr("ERROR: Failed to alloc MTD partition of SPI Flash\n");
@@ -414,7 +434,8 @@ static int init_storage_partition(void)
   FAR struct mtd_dev_s *mtd;
 
   mtd = esp32_spiflash_alloc_mtdpart(CONFIG_ESP32_STORAGE_MTD_OFFSET,
-                                     CONFIG_ESP32_STORAGE_MTD_SIZE);
+                                     CONFIG_ESP32_STORAGE_MTD_SIZE,
+                                     STORAGE_ENCRYPT);
   if (!mtd)
     {
       ferr("ERROR: Failed to alloc MTD partition of SPI Flash\n");